[Mailman-Developers] Web Interface: Login
Barry Warsaw
barry at list.org
Mon Mar 23 15:08:49 CET 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On Mar 23, 2009, at 9:47 AM, Patrick Ben Koetter wrote:
> I think it makes sense to simplify the interface and have only one
> login page,
> but ...
>
> Subscribers need to provide their mail address (authentication
> identity) and
> their password. Admin and moderators currently don't have to.
This is broken, for many reasons. It's this way because MM2 doesn't
have a notion of roles, so "admin" and "moderator" is defined solely
because you know a password. This password is shared among all people
sharing that role, which is another reason why this is broken.
Ideally, (in MM3) Mailman would have accounts, which would be separate
from but linked with the email addresses it manages for lists and
such. It should be separate in the sense that authentication
information may come from external systems, e.g. your content
management user accounts, or Launchpad, or OpenID, etc.
> If we had only one login page, would that require admin and
> moderators to
> provide an authentication identity too and not only their password?
> (At the
> moment I believe this would be a benefit. One could have more than
> one admin
> without having them share one password.)
>
> Would that break any upgrade compatibility for none MM3 lists?
Let's worry only about MM3 lists here. We'll have to deal with
upgrading/importing from MM2 at some point, but if possibly I'd like
to not compromise the MM3 design with worrying about importing from MM2.
Barry
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Darwin)
iEYEARECAAYFAknHl/EACgkQ2YZpQepbvXG7qwCgqfdB0eGVgWol0NcDqUoxpN3p
t9MAnRRCLi08H6t5wEPQtWFw5iG9B5TV
=L3oK
-----END PGP SIGNATURE-----
More information about the Mailman-Developers
mailing list